Thursday, March 21, 2013

FreeBSD Update Script

This is a script I stole from someone else and modified.
It originally used portupgrade, but portmaster is better in my opinion.
The script basically looks for all out of date ports and runs through upgrading them.
Additionally it asks you to configure them and does this for all dependencies as well.

This isn't one of those set it and forget scripts you can put in crontab - you actually need to pay attention when upgrading ports and this script needs your full attention.

There a few pre-requisite things that must be addressed:
1) Make sure ports is installed or if it is installed, up to date

To Install Ports:
portsnap fetch extract

To Update Ports:
portsnap fetch update

2) Install portaudit

cd /usr/port/ports-mgmt/portaudit
make install clean

3) Install portmaster
cd /usr/ports/ports-mgmt/portmaster
make install clean

4) Create a log file /var/log/freebsd-update.log
touch /var/log/freebsd-update.log

--Script Start--


echo "Starting updates: `date`" | tee -a ${LOG_FILE}
echo "***"
echo "*** Checking for FreeBSD patches..."
echo "***"
/usr/sbin/freebsd-update fetch | tee -a ${LOG_FILE}
/usr/sbin/freebsd-update install | tee -a ${LOG_FILE}

echo "***"
echo "*** Updating ports tree..."
echo "***"
/usr/sbin/portsnap fetch update | tee -a ${LOG_FILE}

echo "***"
echo "*** Looking for ports to update..."
echo "***"
/usr/local/sbin/portmaster -a --force-config -d -b -t -v -y -t | tee -a ${LOG_FILE}

echo "***"
echo "*** Checking installed ports for known security problems..."
echo "***"
/usr/local/sbin/portaudit -Fva | tee -a ${LOG_FILE}
echo "Finished updates: `date`" | tee -a ${LOG_FILE}
--Script End--

Word of note if you need to exclude something add a -x after the -t and put in the name or partial name of a port such as:

/usr/local/sbin/portmaster -a --force-config -d -b -t -v -y -t -x LSOF | tee -a ${LOG_FILE}

You'll need to do a separate -x for each port you want to exclude.